A movable __pycache__ - vulnerability?

An example to the contrary is daemontools' envdir mechanism, where the permissions for modifying a process's environment are entirely disjoint from what user it runs as. Usually the envdir and its contents are root-owned, but that's just a convention.